However, afterwards, I'm redirected to my site with the following error message:

AADSTS90008: The user or administrator has not consented to use the application with ID "<myADAppID>". This happened because application is misconfigured: it must require access to Windows Azure Active Directory by specifying at least "Sign in and read user profile" permission.
Trace ID: 4749c198-13b4-45c6-a4dc-eafb033bff36
Correlation ID: 795d77f5-bb4b-46a3-9411-c258fb338c52
Timestamp: 2016-12-09 04:49:21Z

I have specified those permissions in the ADApp through the AzurePortal, and confirmed in the ADApp Manifest, but I continue to get this error.

Answers

Deleted all Required Access permissions. Added back only the Windows AAD permission for "Sign in and read user profile"

I also had to change the reply url to
https://<mywebapi>.azurewebsites.net/.auth/login/aad/callback

And in my Startup.cs, I commented out the line
ConfigureAuth(app);
in the Startup.Configuration method

In my WebApp in the Azure Portal, I changed the Auth configuration from using the Express option to the Advanced option, added in my app id, client key, and then I had to look up the proper Issuer Url

Issuer Url came from AAD > App Registrations > Endpoints. Copy Url for FEDERATION METADATA DOCUMENT, paste it in a browser. In the EntityDescriptor tag, there is a property called entityID. Copy that value into the Issuer Url of the WebApp's Auth config.

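An added example, not part of the original answer: a small check that reads the entityID from a saved copy of the federation metadata document and compares it with the Issuer Url and reply url entered in the Auth config. The sample metadata, the placeholder tenant GUID, the host name and the function names are constructed for illustration, and the exact-match comparison is an assumption based on the answer's "copy that value" step.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
CALLBACK_PATH = "/.auth/login/aad/callback"  # reply url path given in the answer

# Constructed sample, trimmed to the root element; the tenant GUID is a placeholder.
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'ID="_constructed" '
    'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">'
    '</EntityDescriptor>'
)


def issuer_from_metadata(xml_text):
    """Return the entityID attribute of the root EntityDescriptor element."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        # Federation metadata needs no DTD; refuse it rather than expand entities.
        raise ValueError("DTD/entity declarations are not expected in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is not EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    return entity_id


def check_auth_config(issuer_url, reply_url, metadata_xml):
    """Compare the two values entered in the portal against the metadata."""
    problems = []
    entity_id = issuer_from_metadata(metadata_xml)
    if issuer_url != entity_id:
        # A dropped trailing slash is the easiest copy mistake to miss by eye.
        same_but_slash = issuer_url.rstrip("/") == entity_id.rstrip("/")
        hint = " (trailing slash differs)" if same_but_slash else ""
        problems.append("Issuer Url does not match entityID" + hint)
    reply = urlsplit(reply_url)
    if reply.scheme != "https":
        problems.append("reply url is not https")
    if reply.path != CALLBACK_PATH:
        problems.append("reply url path is not " + CALLBACK_PATH)
    return problems
```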